5H311 1NJ3C706 Ransomware

What is 5H311 1NJ3C706 Ransomware?

5H311 1NJ3C706 Ransomware is a malicious threat that encrypts files on the victim’s computer and then shows a note demanding to pay a ransom. Usually, we do not recommend paying the ransom because there is always a chance the user could be tricked, and the money he spends might go to waste, but in this case, it may not be necessary. Apparently, the malware has an integrated decryption tool, which deciphers all user’s data after entering this passcode: 666HackerThn. Of course, we cannot be sure the decryption password will not be changed, but if you come across this infection and you have no other options to get your data back, it is worth a try. Needless to say, later on, we would recommend removing 5H311 1NJ3C706 Ransomware from the computer as leaving it could be still dangerous. If you need help with its deletion, you should take a look at the instructions we will place below the article.

Where does 5H311 1NJ3C706 Ransomware come from?

The truth is we suspect the cybercriminals might not have started distributing it yet and we will explain why it is possible in the next paragraph. However, if 5H311 1NJ3C706 Ransomware can be encountered, we think users would most likely come across it after opening infected email attachments or fake updates and software setup files. Therefore, if you do not want to infect your device with such malicious software ever again, you should pay more attention to what data you open and download while surfing the Internet. Torrent websites and file-sharing web pages alike are always a bad idea since the installers they offer might be bundled with malware. You should also watch out for files sent via email if they come from unknown senders or if you were not supposed to receive them. As an extra precaution, you could scan suspicious data with a legitimate antimalware tool first.

How does 5H311 1NJ3C706 Ransomware work?

The main malware’s task is to encipher the user’s data. Since 5H311 1NJ3C706 Ransomware should work silently in the background, the user may not even realize what is happening until he sees the threat’s extension added to his files. To be more accurate, the infection appends .5H311 1NJ3C706 extension to each enciphered file. Once it is done the data can no longer be launched as the computer does not recognize it anymore. Removing the extra extension is useless as it would not change anything.

Furthermore, the moment the malicious application is done with encrypting user’s data, it should open a window showing the cybercriminal's behind 5H311 1NJ3C706 Ransomware logo, a timer, a message, and the decryption button. The text should say: “Send 300 Bitcoin to this address: 17sWg2xuBjtEJsXhAJkZJiSwbEEirRSXRS.” This line is what makes us think the malware’s creators might not be spreading it yet. As you see, 300 Bitcoins would be almost 2 million US dollars. Obviously, it is not something a lot of computer users could or be willing to pay. Thus, we doubt the hackers would receive any money. A more realistic scenario is the cybercriminals are still testing the infection, and the sum on the ransom note will change once they start spreading it.

How to erase 5H311 1NJ3C706 Ransomware?

If you come across the malware, you should first try to decrypt your files by entering the passcode mentioned earlier (666HackerThn) into the empty box on the threat’s window. Click Submit Key and wait till the decryption is over. Then get rid of 5H311 1NJ3C706 Ransomware with a legitimate antimalware tool or with the manual deletion instructions available below.

Get rid of 5H311 1NJ3C706 Ransomware

1. Press Ctrl+Alt+Delete.
2. Select Task Manager.
3. Identify the threat’s process.
4. Choose this process and click End Task.
5. Leave Task Manager.
6. Tap Windows key+E.
7. Navigate to the following paths:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Find the file that was launched when the device got infected.
9. Right-click the malicious file and press Delete.
10. Close File Explorer.
11. Empty your Recycle bin.
12. Restart the system. Download Removal Tool100% FREE spyware scan and
    tested removal of 5H311 1NJ3C706 Ransomware*

Stop these 5H311 1NJ3C706 Ransomware Processes: